Thanks for the replies, below are the responses I received, thanks for the
responses and I found it very helpful.
>From Ken the following:
I just did this about 2 weeks ago. First of all, the procedure will
depend
on if you are going to be using NIS to distribute the user information.
In a case without NIS, you end up with a /etc/passwd file with '*' in the
password field and the system creates a /var/tcb/files/auth database in
which
the passwords (and other user info) is in there. In a nis case, you end up
with a /var/yp/src/passwd and /var/yp/src/prpasswd file (this one contains
the password). In either case, only the passwd file is readable by users.
It's not like a Solaris type shadow file, as it's really 'lite-C2'.
It's just a matter of running sysman secconfig and turning on shadow
passwords. But - read the manuals THROUGHOULY. It's not a step to be
taken lightly, as any user account creation/modification programs that you
have written will have to be changed, along with having to
recompile/reinstall and/or configure any programs which do password
checking (imap/pop/ssh, etc).
And - it's much harder to delete user accounts, as they are retired in this
by default, deleting them requires extra steps (something I still have to
figure out).
>From Rochelle the following:
I believe you can turn on shadowing using sysman.
When you configure security it will ask to choose options one
of which is shadowing only (we use full enhanced security)
I am 99.9% that it would not be compatible with Solaris.
However, I haven't looked at the file so there is a slight chance.
Certainly using enhanced security (the whole thing) is totally
incompatible.
Received on Tue Aug 22 2000 - 22:44:40 NZST